The Duqu virus, which was sent to the largest companies in the world, contains many advanced features that could only have been developed by a group of highly skilled programmers, according to security researchers.
These features include processes that encrypt stolen data and insert it into an image before sending it to servers controlled by hackers, an analysis by researchers from NSS found.
Duqu is the first known modular network rootkit, the researchers report. This allows hackers to add or remove features and to change the control server very quickly and with little effort. The researchers concluded that Duqu was developed by a team of highly qualified and motivated developers.
“Given the complexity of the system (driver code quality and impressive architecture), it is impossible to imagine that it was designed by one person or a group of amateurs,” NSS researchers Mohamed Sueur and Matthew Molyneux reported. “And so, taking into account the experience of many years, the virus was developed by a competent programmer, highly organized and well financed.”
The modular design means that the virus potentially consists of a larger number of components than have been observed so far. NSS has released a scanning tool that can detect all Duqu drivers installed on an infected system. This tool has been used to detect two previously unknown Duqu drivers, the researchers reported.
“We hope that other researchers can use this tool to identify new drivers and, if desired, anonymously notify us of findings to ensure that we have studied the threat posed by Duqu more fully,” they said.
The researchers echoed published reports that say Duqu is very similar to the Stuxnet worm. The NSS analysis showed that Duqu uses similar code and techniques, but there is not sufficient evidence that Duqu is derived from Stuxnet.
“There is no long explanation as to why it was created as an advanced virus with a first-class system that allows information to be stolen,” the researchers report. “Why excel so much to create a simple keystroke logger? Given the fact that not all drivers of the virus are detected, we can refer to Duqu as a threat whose effects we have yet to discover.”